Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SI

SI-9Information Input Restrictions

Information Input Restrictions

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 6 mapping(s) from 1 framework(s): ASVS 5.0 6 (partial)

See the full cumulative-coverage rollup →

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (8)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-862Missing Authorization9,346Prevents missing authorization checks for input operations by restricting the capability itself.
CWE-284Improper Access Control5,367Directly enforces access control by limiting input capability exclusively to authorized personnel.
CWE-863Incorrect Authorization3,515Reduces incorrect authorization decisions by gating all input at the personnel/process level.
CWE-306Missing Authentication for Critical Function2,820Ensures critical input functions cannot be reached without prior authorization.
CWE-285Improper Authorization1,356Implements authorization checks on who may supply information to the system.
CWE-425Direct Request ('Forced Browsing')265Blocks unauthorized direct requests or forced browsing by denying input access to non-authorized actors.
CWE-807Reliance on Untrusted Inputs in a Security Decision83Reduces reliance on untrusted inputs by ensuring only authorized sources may supply data.
CWE-642External Control of Critical State Data18Limits external actors' ability to control critical state through input channels.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2026-276365.58.80.0212good
CVE-2026-244585.57.50.0026good
CVE-2021-478775.57.50.0024good
CVE-2025-526361.51.80.0014good
CVE-2025-145327.09.80.0054good
CVE-2019-254597.09.80.0043partial
CVE-2020-371867.09.80.0097good
CVE-2020-370907.09.80.0077good
CVE-2025-577947.09.10.0055good
CVE-2025-698287.010.00.0049good
CVE-2025-564257.09.10.0064good
CVE-2025-673257.09.80.0083good
CVE-2022-509127.09.80.0098good
CVE-2025-681097.09.10.0138good
CVE-2024-575957.09.80.0113good
CVE-2024-89587.09.80.0129good
CVE-2024-506607.09.80.0104good
CVE-2026-40453 UPD7.09.90.0086good
CVE-2026-321697.010.00.0055good
CVE-2025-662537.09.80.0209good
CVE-2020-360847.09.80.0066good
CVE-2026-303057.09.80.0115partial
CVE-2026-303077.09.80.0115partial
CVE-2024-91407.09.80.0178good
CVE-2024-583087.09.80.0061good

Other controls in family SI

SI-1 SI-10 SI-11 SI-12 SI-13 SI-14 SI-15 SI-16 SI-17 SI-18 SI-19 SI-2 SI-20 SI-21 SI-22 SI-23 SI-3 SI-4 SI-5 SI-6 SI-7 SI-8